Table of Contents

Preface

Section 1 – Modern Security Challenges

Chapter 1: Protecting People, Information, and Systems – a Growing Problem

Why cybercrime is here to stay – a profitable business model

The macro-economic cost of cybercrime

The global cost of identity theft

Intellectual property and Western economies

Micro-level impacts and responses to cybercrime

The role of governments and regulation

Industry regulation

The growing need for data privacy regulation

Data sovereignty regulations

Workers' councils

The foundational elements of security

People

Information

Systems

The cybersecurity talent shortage

Summary

Check your understanding

Further reading

Chapter 2: The Human Side of Cybersecurity

People exploiting people

Social engineering techniques

Stealing credentials

Malicious software

The three types of insider threats

Well-meaning insiders

Compromised accounts

Malicious insiders

Summary

Check your understanding

Further reading

Chapter 3: Anatomy of an Attack

Understanding the risk from targeted attacks

Organized crime

State-sponsored actors and military operations

Hacktivists and terrorists

Insider threats

Risk treatment planning

Stages of an attack

Extortion

Gaining access to target systems

Installing malicious software

Spreading the infection

Notifying the victim and making demands

Stealing information

Identifying what to steal

Gaining access to information

Aggregating information

Exfiltrating information

Generating economic benefit

System disruption or destruction

Attacks on critical infrastructure

Revenge attacks

Cyber weapons of war

Attackers for hire

Dark web forums

Malware as a Service

Summary

Check your understanding

Further reading

Section 2 – Building an Effective Program

Chapter 4: Protecting People, Information, and Systems with Timeless Best Practices

The most important threat vector

Email attacks by the numbers

Types of email-based attacks

Time-honored best practices that could stop most breaches

Concept of Least Privilege

Need to Know

Role-Based Access Control

Identity Management

Vulnerability management and patching

Capabilities necessary in the remote world

Factors of authentication

Why your password is meaningless

Multifactor authentication

Network segmentation

Allowed applications

The role of human behavior

Behavior analysis for authentication

Behavior analysis for anomaly detection

Adaptive security in human behavior

The everything, everywhere world

Summary

Check your understanding

Further reading

Chapter 5: Protecting against Common Attacks by Partnering with End Users

A framework for effective training

Frequency

Content

Scope

Making your people your partners

Making people active participants

Simulations are better than presentations

Educating about data

Training people to protect against common hacking techniques

Social engineering awareness

Phishing training and prevention

Technologies supporting people

Tabletop exercises

Summary

Check your understanding

Further reading

Chapter 6: Information Security for a Changing World

Frames of reference

Military connection

Security triumvirates

Challenges with the traditional information security model

Protecting information

Challenges of information protection

Protecting information is a critical capability

Mapping data flows

Cross-functional collaboration

Securing networks and workloads – past, present, and future

Securing networks

Securing cloud workloads

Securing identities and granting access

Verifying identities

Granting access

Permissions accumulation

Human behavior

Securing endpoints

Summary

Check your understanding

Further reading

Section 3 – Solutions to Common Problems

Chapter 7: Difficulty Securing the Modern Enterprise (with Solutions!)

Cybersecurity talent shortage

Not enough people!

Services can help!

Automation

Too much technology with too little process

Console whiplash

Siloed programs

Lack of business involvement

What are we trying to accomplish?

Cyber risk is business risk

Risk treatment planning

Looking for material risk factors

Lack of continuing education

The pace of change

Updating certain skills

Applying timeless concepts

Summary

Check your understanding

Further reading

Chapter 8: Harnessing Automation Opportunities

Defining automation opportunities

A brief introduction to finance

Mapping a task by its cost basis

Documenting manual processes

Automating processes

Gathering data and applying context

Ethics in AI

Testing the system

The confusion matrix

Hybrid implementations

How attackers can leverage automation

Summary

Check your understanding

Further reading

Chapter 9: Cybersecurity at Home

Protecting children and teaching them about online safety

The permanence of social media

The truth behind the façade

The danger lurking online

Password managers

Multifactor authentication

Password complexity and why it matters

Stop publishing your information!

Scraping

Summary

Check your understanding

Further reading

Answers

Chapter 1

Chapter 2

Chapter 3

Chapter 4

Chapter 5

Chapter 6

Chapter 7

Chapter 8

Chapter 9

Why subscribe?

Other Books You May Enjoy